I’ve read some related posts, but don’t think this has been asked as such. For my family members, I’d like to have them all backup using duplicacy GUI (licences bought), and all backup to a single Google Drive account where I have unlimited storage. I’d like to prevent the case though, where one user’s poor Windows / Mac password choice exposes everyone’s data (i.e., my understanding is that the Windows / Mac main password encrypts the storage encryption key).

So my thought is to use one Google Drive storage directory and different encryption keys. Is there any advantage to that vs. just creating a different Google Drive storage directory and using a different encryption key?

I’m also, of course, open to other ideas on why I should or shouldn’t create separate directories and/or use separate encryption keys. I know I’ll be giving up duplicate-free backup by using separate encryption keys (i.e., same file in repository will look like two files in the storage, so will be stored twice).

I want to make a note at the beginning that most of what i’m saying here is just what i think, and not facts. @gchen is the real knowledge base :^) !

cheitzig:

my understanding is that the Windows / Mac main password encrypts the storage encryption key

I think that is incorrect: the storage password is the one you use (read: type) when you init for the first time that particular storage. Afterwards, even though you init multiple repositories to the same target storage, you must always use the same storage password for all those repos. (you may change a storage password with the password command but afterwards you must use this new password for all your storages – just like in the normal usage).

cheitzig:

So my thought is to use one Google Drive storage directory and different encryption keys

@TheBestPessimist is right. Currently all folders backed up to the same directory in the storage must share the same storage encryption password. If you want to use different encryption passwords then they should go to different directories in which case you lose the benefit of cross-computer deduplication.

I think per-client encryption passwords are possible and it is on my to-do list.